Network security policies including security rules to control network security devices may be stored in network security policy configuration files. Network security administrators can find it useful to compare such configuration files against each other in search of similarities and differences between the files. Conventional comparisons include inflexible comparisons between configuration parameters in different files, where the configuration parameters are expressed at an “atomic” level, e.g., the parameters are expressed strictly as numerical values. Such low-level comparisons result in low-level comparison results rather than high-level comparison information indicative of user intent that is more useful to the network administrator.